clients icon indicating copy to clipboard operation
clients copied to clipboard
verified publisher icon bitwarden

"mac failed." upon unlocking an already unlocked vault

Open wherron01 opened this issue 2 years ago • 6 comments

Steps To Reproduce

Unlock the vault with "bw unlock [password] --raw" Unlock the already unlocked vault again with "bw unlock [password] --raw"

Expected Result

Regeneration of session key, continuation of unlocked status, ONLY SESSION KEY RETURNED

Actual Result

All of the above, with the exception of returning "mac failed." in addition to the session key

Screenshots or Videos

No response

Additional Context

It also randomly returns "mac failed." when doing other things, like locking the vault, or logging out, but inconsistently. Unlocking a previously unlocked vault is the only consistent trigger I have found.

Operating System

Linux

Operating System Version

Arch

Shell

Zsh

Build Version

2023.10.0

Issue Tracking Info

  • [X] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

wherron01 avatar Nov 22 '23 00:11 wherron01

Hello there,

This issue often relates to decryption errors. Have you recently rotated your encryption keys?

Krychaz avatar Nov 22 '23 13:11 Krychaz

Hello! Sorry for the late response. No, I have not rotated my keys recently. Should I?

wherron01 avatar Dec 07 '23 06:12 wherron01

Hi, we are suffering the same problem. We have integration tests scheduled every 10 minutes. In the test, we do:

  • bw login --apikey
  • bw unlock exporting the BW_SESSION
  • bw get password ...

and crashes randomly. We see lots and lots of "mac failed" in the log. In our case is not previously unlocked.

Thanks.

antonioskyc avatar Mar 12 '24 13:03 antonioskyc

I experience it too, it's weird but doesn't break anything for me. It just raises concerns that something might not be working well and I am not able to make something out of this message.

phaabe avatar Mar 26 '24 14:03 phaabe

I get this all the time now.... didn't used to be like this before.

Starefossen avatar Jun 29 '24 19:06 Starefossen

seeing this also for every command, event doing something like

#bw --version
mac failed.
2024.6.0

macos 12.7.5

locking, unlocking and setting to newer BW_SESSION seems to have fixed it.

#bw --version
2024.6.0

thezoggy avatar Jul 01 '24 03:07 thezoggy

I am seeing the mac failed. prompt any time that I try to get anything from the vault. I have done a logout, logout, and removed the data.json file and done a fresh authentication.

❯ bw --version
2024.6.1

❯ node --version
v22.5.1

mphillippiAPG avatar Jul 24 '24 17:07 mphillippiAPG

@mphillippiAPG locking and unlocking solved it for me.

natarajmb avatar Jul 25 '24 12:07 natarajmb

@natarajmb thanks for that. I have tried this as well however, the issue continues:

❯ bw logout
You have logged out.
❯ bw login
? Email address: xxx
? Master password: [hidden]
? Two-step login method: YubiKey OTP Security Key
? Two-step login code: xxx
You are logged in!

To unlock your vault, set your session key to the `BW_SESSION` environment variable. ex:
$ export BW_SESSION="xxx"
> $env:BW_SESSION="xxx"

You can also pass the session key to any command with the `--session` option. ex:
$ bw list items --session OsAZx00e6zWAq2FMbjmNyqt7Cm5wPFPqs8Xb2MxTzV8iKuNLxBBzlT7PMsbmigGcQM/hiwXXuqKTk78C+3azYA==
❯ export BW_SESSION="xxx"
❯ bw get totp domain
mac failed.
mac failed.
mac failed.
xxxxxx

mphillippiAPG avatar Jul 25 '24 17:07 mphillippiAPG

since this doesn't seem to stop the command from returning data, i have temporarily redirected the stderr output to /dev/null. unfortunately, this means that if any legitimate error where to be presented, i wouldn't know about it.

mphillippiAPG avatar Jul 26 '24 17:07 mphillippiAPG

@mphillippiAPG I have better luck with bw lock and bw unlock [password]

erikhSSI avatar Jul 26 '24 19:07 erikhSSI

so my work around here was to add a line to my .zshrc to eliminate the printing of the error:

bw() { command bw "$@" 2> /dev/null }

mphillippiAPG avatar Sep 24 '24 17:09 mphillippiAPG

⚠️ Stale Issue Notice

This issue has been automatically marked as stale due to inactivity. It will be closed in 2 weeks (October 15, 2025) if no further activity occurs.

If this issue is still relevant and you would like to keep it open, please:

  • Comment on this issue to show continued interest
  • Provide any additional information or updates
  • Confirm that the issue still exists in the latest version

Thank you for your contribution to this project! 🙏

closebot-bw avatar Oct 01 '25 18:10 closebot-bw

🔒 Issue Closed Due to Inactivity

This issue has been automatically closed due to lack of activity for an extended period. We periodically review and close inactive issues to help maintain our issue tracker and focus on current priorities.

If this issue is still relevant:

  • Please create a new issue with updated information
  • Include steps to reproduce the problem if it's a bug report
  • Mention if this issue still occurs in the latest version

Thank you for your contribution to this project. Your feedback helps us improve! 🙏

closebot-bw avatar Oct 16 '25 19:10 closebot-bw